@steedos/objectql 2.1.57 → 2.1.61
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/dynamic-load/preload_data.d.ts +3 -0
- package/lib/dynamic-load/preload_data.js +158 -1
- package/lib/dynamic-load/preload_data.js.map +1 -1
- package/lib/dynamic-load/restrictionRules.d.ts +1 -0
- package/lib/dynamic-load/restrictionRules.js +42 -0
- package/lib/dynamic-load/restrictionRules.js.map +1 -0
- package/lib/dynamic-load/shareRules.d.ts +1 -0
- package/lib/dynamic-load/shareRules.js +42 -0
- package/lib/dynamic-load/shareRules.js.map +1 -0
- package/lib/index.d.ts +3 -0
- package/lib/index.js +3 -0
- package/lib/index.js.map +1 -1
- package/lib/metadata-register/_base.d.ts +3 -1
- package/lib/metadata-register/_base.js +16 -5
- package/lib/metadata-register/_base.js.map +1 -1
- package/lib/metadata-register/permissionFields.d.ts +7 -0
- package/lib/metadata-register/permissionFields.js +18 -0
- package/lib/metadata-register/permissionFields.js.map +1 -0
- package/lib/metadata-register/restrictionRules.d.ts +7 -0
- package/lib/metadata-register/restrictionRules.js +18 -0
- package/lib/metadata-register/restrictionRules.js.map +1 -0
- package/lib/metadata-register/shareRules.d.ts +7 -0
- package/lib/metadata-register/shareRules.js +18 -0
- package/lib/metadata-register/shareRules.js.map +1 -0
- package/lib/types/field_permission.d.ts +4 -0
- package/lib/types/field_permission.js +50 -0
- package/lib/types/field_permission.js.map +1 -0
- package/lib/types/object.d.ts +0 -4
- package/lib/types/object.js +268 -261
- package/lib/types/object.js.map +1 -1
- package/lib/types/object_dynamic_load.js +13 -4
- package/lib/types/object_dynamic_load.js.map +1 -1
- package/lib/types/restrictionRule.d.ts +13 -0
- package/lib/types/restrictionRule.js +75 -0
- package/lib/types/restrictionRule.js.map +1 -0
- package/lib/types/shareRule.d.ts +13 -0
- package/lib/types/shareRule.js +75 -0
- package/lib/types/shareRule.js.map +1 -0
- package/lib/util/field.js +4 -4
- package/lib/util/field.js.map +1 -1
- package/lib/util/function_expression.d.ts +1 -1
- package/lib/util/function_expression.js +3 -2
- package/lib/util/function_expression.js.map +1 -1
- package/package.json +8 -8
- package/src/dynamic-load/preload_data.ts +44 -0
- package/src/dynamic-load/restrictionRules.ts +19 -0
- package/src/dynamic-load/shareRules.ts +19 -0
- package/src/index.ts +4 -1
- package/src/metadata-register/_base.ts +14 -3
- package/src/metadata-register/permissionFields.ts +13 -0
- package/src/metadata-register/restrictionRules.ts +12 -0
- package/src/metadata-register/shareRules.ts +13 -0
- package/src/types/field_permission.ts +26 -0
- package/src/types/object.ts +89 -68
- package/src/types/object_dynamic_load.ts +4 -1
- package/src/types/restrictionRule.ts +57 -0
- package/src/types/shareRule.ts +57 -0
- package/src/util/field.ts +4 -4
- package/src/util/function_expression.ts +2 -2
package/lib/types/object.js
CHANGED
|
@@ -16,6 +16,9 @@ var object_events_1 = require("./object_events");
|
|
|
16
16
|
var i18n_1 = require("@steedos/i18n");
|
|
17
17
|
var object_layouts_1 = require("./object_layouts");
|
|
18
18
|
var lodash_1 = require("lodash");
|
|
19
|
+
var shareRule_1 = require("./shareRule");
|
|
20
|
+
var restrictionRule_1 = require("./restrictionRule");
|
|
21
|
+
var field_permission_1 = require("./field_permission");
|
|
19
22
|
var clone = require('clone');
|
|
20
23
|
// 主子表有层级限制,超过3层就报错,该函数判断当前对象作为主表对象往下的层级最多不越过3层,
|
|
21
24
|
// 其3层指的是A-B-C-D,它们都有父子关系,A作为最顶层,该对象上不可以再创建主表子表关系字段,但是B、C、D上可以;
|
|
@@ -713,117 +716,125 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
713
716
|
};
|
|
714
717
|
SteedosObjectType.prototype.getUserObjectPermission = function (userSession) {
|
|
715
718
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
716
|
-
var roles, objectRolesPermission, userObjectPermission, field_permissions, spaceId;
|
|
719
|
+
var roles, objectRolesPermission, userObjectPermission, rolesFieldsPermission, field_permissions, spaceId;
|
|
717
720
|
return tslib_1.__generator(this, function (_a) {
|
|
718
|
-
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
|
|
725
|
-
|
|
726
|
-
|
|
727
|
-
|
|
728
|
-
|
|
729
|
-
|
|
730
|
-
|
|
731
|
-
|
|
732
|
-
|
|
733
|
-
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
751
|
-
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
var
|
|
755
|
-
if (
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
760
|
-
|
|
761
|
-
if (_.isBoolean(_v)) {
|
|
762
|
-
userObjectPermission[k] = _v;
|
|
763
|
-
}
|
|
764
|
-
}
|
|
765
|
-
else if (['read_filters', 'edit_filters'].indexOf(k) > -1) {
|
|
766
|
-
if ('edit_filters' === k) {
|
|
767
|
-
if (!_.isEmpty(_v)) {
|
|
768
|
-
userObjectPermission['read_filters'].push(_v);
|
|
721
|
+
switch (_a.label) {
|
|
722
|
+
case 0:
|
|
723
|
+
if (!userSession) {
|
|
724
|
+
throw new Error('userSession is required');
|
|
725
|
+
}
|
|
726
|
+
roles = userSession.roles;
|
|
727
|
+
objectRolesPermission = this.getObjectRolesPermission(userSession.spaceId);
|
|
728
|
+
userObjectPermission = {
|
|
729
|
+
allowRead: false,
|
|
730
|
+
allowCreate: false,
|
|
731
|
+
allowEdit: false,
|
|
732
|
+
allowDelete: false,
|
|
733
|
+
viewAllRecords: false,
|
|
734
|
+
modifyAllRecords: false,
|
|
735
|
+
viewCompanyRecords: false,
|
|
736
|
+
modifyCompanyRecords: false,
|
|
737
|
+
allowReadFiles: null,
|
|
738
|
+
viewAllFiles: null,
|
|
739
|
+
allowCreateFiles: null,
|
|
740
|
+
allowEditFiles: null,
|
|
741
|
+
allowDeleteFiles: null,
|
|
742
|
+
modifyAllFiles: null,
|
|
743
|
+
disabled_list_views: null,
|
|
744
|
+
disabled_actions: null,
|
|
745
|
+
unreadable_fields: null,
|
|
746
|
+
uneditable_fields: null,
|
|
747
|
+
unrelated_objects: null,
|
|
748
|
+
field_permissions: null,
|
|
749
|
+
};
|
|
750
|
+
if (_.isEmpty(roles)) {
|
|
751
|
+
throw new Error('not find user permission');
|
|
752
|
+
}
|
|
753
|
+
return [4 /*yield*/, field_permission_1.FieldPermission.getObjectFieldsPermissionGroupRole(this.name)];
|
|
754
|
+
case 1:
|
|
755
|
+
rolesFieldsPermission = _a.sent();
|
|
756
|
+
roles.forEach(function (role) {
|
|
757
|
+
var rolePermission = objectRolesPermission[role];
|
|
758
|
+
if (rolePermission) {
|
|
759
|
+
var roleFieldsPermission_1 = rolesFieldsPermission[role];
|
|
760
|
+
_.each(userObjectPermission, function (v, k) {
|
|
761
|
+
var _v = rolePermission[k];
|
|
762
|
+
if (k === 'field_permissions') {
|
|
763
|
+
_v = roleFieldsPermission_1;
|
|
769
764
|
}
|
|
770
|
-
|
|
771
|
-
|
|
772
|
-
|
|
773
|
-
|
|
765
|
+
if (_.isBoolean(v)) {
|
|
766
|
+
if (v === false && _v === true) {
|
|
767
|
+
userObjectPermission[k] = _v;
|
|
768
|
+
}
|
|
769
|
+
}
|
|
770
|
+
else if (['allowReadFiles', 'viewAllFiles', 'allowCreateFiles', 'allowEditFiles', 'allowDeleteFiles', 'modifyAllFiles'].indexOf(k) > -1) {
|
|
771
|
+
if (_.isBoolean(_v)) {
|
|
772
|
+
userObjectPermission[k] = _v;
|
|
773
|
+
}
|
|
774
|
+
}
|
|
775
|
+
else if (['read_filters', 'edit_filters'].indexOf(k) > -1) {
|
|
776
|
+
if ('edit_filters' === k) {
|
|
777
|
+
if (!_.isEmpty(_v)) {
|
|
778
|
+
userObjectPermission['read_filters'].push(_v);
|
|
779
|
+
}
|
|
780
|
+
}
|
|
781
|
+
if (!_.isEmpty(_v)) {
|
|
782
|
+
userObjectPermission[k].push(_v);
|
|
783
|
+
}
|
|
784
|
+
}
|
|
785
|
+
else if ((_.isArray(v) || _.isNull(v))) {
|
|
786
|
+
if (!_.isArray(_v)) {
|
|
787
|
+
_v = [];
|
|
788
|
+
}
|
|
789
|
+
if (_.isNull(v)) {
|
|
790
|
+
userObjectPermission[k] = _v;
|
|
791
|
+
}
|
|
792
|
+
else {
|
|
793
|
+
if (k === 'field_permissions') {
|
|
794
|
+
userObjectPermission[k] = _.union(v, _v);
|
|
795
|
+
}
|
|
796
|
+
else {
|
|
797
|
+
userObjectPermission[k] = _.intersection(v, _v);
|
|
798
|
+
}
|
|
799
|
+
}
|
|
800
|
+
}
|
|
801
|
+
});
|
|
774
802
|
}
|
|
775
|
-
|
|
776
|
-
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
|
|
780
|
-
|
|
781
|
-
|
|
782
|
-
|
|
783
|
-
|
|
784
|
-
userObjectPermission[k] = _.union(v, _v);
|
|
803
|
+
});
|
|
804
|
+
field_permissions = {};
|
|
805
|
+
if (userObjectPermission.field_permissions) {
|
|
806
|
+
_.each(userObjectPermission.field_permissions, function (field_permission) {
|
|
807
|
+
var field = field_permission.field, read = field_permission.read, edit = field_permission.edit;
|
|
808
|
+
if (field_permissions[field]) {
|
|
809
|
+
field_permissions[field].edit = field_permissions[field].edit || edit;
|
|
810
|
+
if (field_permissions[field].edit) {
|
|
811
|
+
field_permissions[field].read = true;
|
|
785
812
|
}
|
|
786
813
|
else {
|
|
787
|
-
|
|
814
|
+
field_permissions[field].read = field_permissions[field].read || read;
|
|
788
815
|
}
|
|
789
816
|
}
|
|
790
|
-
|
|
791
|
-
|
|
792
|
-
|
|
793
|
-
|
|
794
|
-
|
|
795
|
-
|
|
796
|
-
|
|
797
|
-
|
|
798
|
-
if (field_permissions[field]) {
|
|
799
|
-
field_permissions[field].edit = field_permissions[field].edit || edit;
|
|
800
|
-
if (field_permissions[field].edit) {
|
|
801
|
-
field_permissions[field].read = true;
|
|
802
|
-
}
|
|
803
|
-
else {
|
|
804
|
-
field_permissions[field].read = field_permissions[field].read || read;
|
|
805
|
-
}
|
|
817
|
+
else {
|
|
818
|
+
field_permissions[field] = {
|
|
819
|
+
field: field,
|
|
820
|
+
read: edit || read,
|
|
821
|
+
edit: edit
|
|
822
|
+
};
|
|
823
|
+
}
|
|
824
|
+
});
|
|
806
825
|
}
|
|
807
|
-
|
|
808
|
-
|
|
809
|
-
|
|
810
|
-
|
|
811
|
-
|
|
812
|
-
|
|
826
|
+
userObjectPermission.field_permissions = field_permissions;
|
|
827
|
+
userObjectPermission.disabled_list_views = userObjectPermission.disabled_list_views || [];
|
|
828
|
+
userObjectPermission.disabled_actions = userObjectPermission.disabled_actions || [];
|
|
829
|
+
userObjectPermission.unreadable_fields = userObjectPermission.unreadable_fields || [];
|
|
830
|
+
userObjectPermission.uneditable_fields = userObjectPermission.uneditable_fields || [];
|
|
831
|
+
userObjectPermission.unrelated_objects = userObjectPermission.unrelated_objects || [];
|
|
832
|
+
spaceId = userSession.spaceId;
|
|
833
|
+
if (util_1.isTemplateSpace(spaceId)) {
|
|
834
|
+
return [2 /*return*/, Object.assign({}, userObjectPermission, { allowRead: true, viewAllRecords: true, viewCompanyRecords: true })];
|
|
813
835
|
}
|
|
814
|
-
|
|
836
|
+
return [2 /*return*/, userObjectPermission];
|
|
815
837
|
}
|
|
816
|
-
userObjectPermission.field_permissions = field_permissions;
|
|
817
|
-
userObjectPermission.disabled_list_views = userObjectPermission.disabled_list_views || [];
|
|
818
|
-
userObjectPermission.disabled_actions = userObjectPermission.disabled_actions || [];
|
|
819
|
-
userObjectPermission.unreadable_fields = userObjectPermission.unreadable_fields || [];
|
|
820
|
-
userObjectPermission.uneditable_fields = userObjectPermission.uneditable_fields || [];
|
|
821
|
-
userObjectPermission.unrelated_objects = userObjectPermission.unrelated_objects || [];
|
|
822
|
-
spaceId = userSession.spaceId;
|
|
823
|
-
if (util_1.isTemplateSpace(spaceId)) {
|
|
824
|
-
return [2 /*return*/, Object.assign({}, userObjectPermission, { allowRead: true, viewAllRecords: true, viewCompanyRecords: true })];
|
|
825
|
-
}
|
|
826
|
-
return [2 /*return*/, userObjectPermission];
|
|
827
838
|
});
|
|
828
839
|
});
|
|
829
840
|
};
|
|
@@ -1795,42 +1806,29 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1795
1806
|
});
|
|
1796
1807
|
});
|
|
1797
1808
|
};
|
|
1798
|
-
|
|
1799
|
-
|
|
1800
|
-
|
|
1801
|
-
|
|
1802
|
-
|
|
1803
|
-
|
|
1804
|
-
|
|
1805
|
-
|
|
1806
|
-
|
|
1807
|
-
|
|
1808
|
-
|
|
1809
|
-
|
|
1810
|
-
|
|
1811
|
-
|
|
1812
|
-
|
|
1813
|
-
|
|
1814
|
-
|
|
1815
|
-
|
|
1816
|
-
|
|
1817
|
-
|
|
1818
|
-
|
|
1819
|
-
|
|
1820
|
-
|
|
1821
|
-
if (_.include(allowEditIds, record._id)) {
|
|
1822
|
-
record.record_permissions = {
|
|
1823
|
-
allowRead: true,
|
|
1824
|
-
allowEdit: true,
|
|
1825
|
-
allowDelete: true,
|
|
1826
|
-
};
|
|
1827
|
-
}
|
|
1828
|
-
});
|
|
1829
|
-
return [2 /*return*/];
|
|
1830
|
-
}
|
|
1831
|
-
});
|
|
1832
|
-
});
|
|
1833
|
-
};
|
|
1809
|
+
// private async appendRecordPermission(records, userSession) {
|
|
1810
|
+
// const _ids = _.pluck(records, '_id');
|
|
1811
|
+
// const objPm = await this.getUserObjectPermission(userSession);
|
|
1812
|
+
// const permissionFilters = this.getObjectPermissionFilters(objPm, userSession, true);
|
|
1813
|
+
// if (_.isEmpty(permissionFilters)) {
|
|
1814
|
+
// return;
|
|
1815
|
+
// }
|
|
1816
|
+
// const filters = formatFiltersToODataQuery(['_id', 'in', _ids])
|
|
1817
|
+
// const results = await this.directFind({
|
|
1818
|
+
// fields: ['_id'],
|
|
1819
|
+
// filters: `(${filters}) and (${permissionFilters.join(' or ')})`
|
|
1820
|
+
// });
|
|
1821
|
+
// const allowEditIds = _.pluck(results, '_id');
|
|
1822
|
+
// _.each(records, (record) => {
|
|
1823
|
+
// if (_.include(allowEditIds, record._id)) {
|
|
1824
|
+
// record.record_permissions = {
|
|
1825
|
+
// allowRead: true,
|
|
1826
|
+
// allowEdit: true,
|
|
1827
|
+
// allowDelete: true,
|
|
1828
|
+
// }
|
|
1829
|
+
// }
|
|
1830
|
+
// })
|
|
1831
|
+
// }
|
|
1834
1832
|
SteedosObjectType.prototype.getTriggerContext = function (when, method, args, recordId) {
|
|
1835
1833
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
1836
1834
|
var userSession, context, _a;
|
|
@@ -1920,7 +1918,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1920
1918
|
args[_i - 1] = arguments[_i];
|
|
1921
1919
|
}
|
|
1922
1920
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
1923
|
-
var adapterMethod, allow, objectName, recordId, doc, paramRecordId, returnValue, userSession, beforeTriggerContext, afterTriggerContext, previousDoc, values
|
|
1921
|
+
var adapterMethod, allow, objectName, recordId, doc, paramRecordId, returnValue, userSession, beforeTriggerContext, afterTriggerContext, previousDoc, values;
|
|
1924
1922
|
return tslib_1.__generator(this, function (_a) {
|
|
1925
1923
|
switch (_a.label) {
|
|
1926
1924
|
case 0:
|
|
@@ -1963,7 +1961,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1963
1961
|
return [4 /*yield*/, adapterMethod.apply(this._datasource, args)];
|
|
1964
1962
|
case 4:
|
|
1965
1963
|
returnValue = _a.sent();
|
|
1966
|
-
return [3 /*break*/,
|
|
1964
|
+
return [3 /*break*/, 21];
|
|
1967
1965
|
case 5:
|
|
1968
1966
|
userSession = args[args.length - 1];
|
|
1969
1967
|
return [4 /*yield*/, this.getTriggerContext('before', method, args)];
|
|
@@ -1989,43 +1987,40 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1989
1987
|
return [4 /*yield*/, adapterMethod.apply(this._datasource, args)];
|
|
1990
1988
|
case 10:
|
|
1991
1989
|
returnValue = _a.sent();
|
|
1992
|
-
if (
|
|
1993
|
-
|
|
1994
|
-
|
|
1995
|
-
|
|
1996
|
-
|
|
1997
|
-
|
|
1998
|
-
|
|
1999
|
-
|
|
2000
|
-
|
|
2001
|
-
_records = [_records]
|
|
1990
|
+
if (method === 'find' || method == 'findOne' || method == 'count' || method == 'aggregate' || method == 'aggregatePrefixalPipeline') {
|
|
1991
|
+
values = returnValue || {};
|
|
1992
|
+
if (method === 'count') {
|
|
1993
|
+
values = returnValue || 0;
|
|
1994
|
+
}
|
|
1995
|
+
// else{
|
|
1996
|
+
// if (userSession) {
|
|
1997
|
+
// let _records = returnValue
|
|
1998
|
+
// if (method == 'findOne' && returnValue) {
|
|
1999
|
+
// _records = [_records]
|
|
2000
|
+
// }
|
|
2001
|
+
// await this.appendRecordPermission(_records, userSession);
|
|
2002
|
+
// }
|
|
2003
|
+
// }
|
|
2004
|
+
Object.assign(afterTriggerContext, { data: { values: values } });
|
|
2002
2005
|
}
|
|
2003
|
-
return [4 /*yield*/, this.appendRecordPermission(_records, userSession)];
|
|
2004
|
-
case 12:
|
|
2005
|
-
_a.sent();
|
|
2006
|
-
_a.label = 13;
|
|
2007
|
-
case 13:
|
|
2008
|
-
Object.assign(afterTriggerContext, { data: { values: values } });
|
|
2009
|
-
_a.label = 14;
|
|
2010
|
-
case 14:
|
|
2011
2006
|
// console.log("==returnValue==", returnValue);
|
|
2012
2007
|
if (method == 'insert' && _.has(returnValue, '_id')) {
|
|
2013
2008
|
afterTriggerContext.doc = returnValue;
|
|
2014
2009
|
afterTriggerContext = Object.assign({}, afterTriggerContext, { id: returnValue._id });
|
|
2015
2010
|
}
|
|
2016
|
-
if (!(method == "update")) return [3 /*break*/,
|
|
2017
|
-
if (!returnValue) return [3 /*break*/,
|
|
2011
|
+
if (!(method == "update")) return [3 /*break*/, 13];
|
|
2012
|
+
if (!returnValue) return [3 /*break*/, 12];
|
|
2018
2013
|
afterTriggerContext.doc = returnValue;
|
|
2019
2014
|
return [4 /*yield*/, this.runAfterTriggers(method, afterTriggerContext)];
|
|
2020
|
-
case
|
|
2015
|
+
case 11:
|
|
2021
2016
|
_a.sent();
|
|
2022
|
-
_a.label =
|
|
2023
|
-
case
|
|
2024
|
-
case
|
|
2025
|
-
case
|
|
2017
|
+
_a.label = 12;
|
|
2018
|
+
case 12: return [3 /*break*/, 15];
|
|
2019
|
+
case 13: return [4 /*yield*/, this.runAfterTriggers(method, afterTriggerContext)];
|
|
2020
|
+
case 14:
|
|
2026
2021
|
_a.sent();
|
|
2027
|
-
_a.label =
|
|
2028
|
-
case
|
|
2022
|
+
_a.label = 15;
|
|
2023
|
+
case 15:
|
|
2029
2024
|
if (method === 'find' || method == 'findOne' || method == 'count' || method == 'aggregate' || method == 'aggregatePrefixalPipeline') {
|
|
2030
2025
|
if (_.isEmpty(afterTriggerContext.data) || (_.isEmpty(afterTriggerContext.data.values) && !_.isNumber(afterTriggerContext.data.values))) {
|
|
2031
2026
|
return [2 /*return*/, returnValue];
|
|
@@ -2041,9 +2036,9 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2041
2036
|
user_session: userSession,
|
|
2042
2037
|
previous_record: afterTriggerContext.previousDoc
|
|
2043
2038
|
}).run()];
|
|
2044
|
-
case
|
|
2039
|
+
case 16:
|
|
2045
2040
|
_a.sent();
|
|
2046
|
-
if (!returnValue) return [3 /*break*/,
|
|
2041
|
+
if (!returnValue) return [3 /*break*/, 19];
|
|
2047
2042
|
if (method === "insert") {
|
|
2048
2043
|
// 当为insert时,上面代码执行后的doc不带_id,只能从returnValue中取
|
|
2049
2044
|
doc = returnValue;
|
|
@@ -2051,18 +2046,18 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2051
2046
|
}
|
|
2052
2047
|
// 一定要先运行公式再运行汇总,以下两个函数顺序不能反
|
|
2053
2048
|
return [4 /*yield*/, this.runRecordFormula(method, objectName, recordId, doc, userSession)];
|
|
2054
|
-
case
|
|
2049
|
+
case 17:
|
|
2055
2050
|
// 一定要先运行公式再运行汇总,以下两个函数顺序不能反
|
|
2056
2051
|
_a.sent();
|
|
2057
2052
|
return [4 /*yield*/, this.runRecordSummaries(method, objectName, recordId, doc, previousDoc, userSession)];
|
|
2058
|
-
case
|
|
2053
|
+
case 18:
|
|
2059
2054
|
_a.sent();
|
|
2060
|
-
_a.label =
|
|
2061
|
-
case
|
|
2062
|
-
case
|
|
2055
|
+
_a.label = 19;
|
|
2056
|
+
case 19: return [4 /*yield*/, object_events_1.brokeEmitEvents(objectName, method, afterTriggerContext)];
|
|
2057
|
+
case 20:
|
|
2063
2058
|
_a.sent();
|
|
2064
|
-
_a.label =
|
|
2065
|
-
case
|
|
2059
|
+
_a.label = 21;
|
|
2060
|
+
case 21: return [2 /*return*/, returnValue];
|
|
2066
2061
|
}
|
|
2067
2062
|
});
|
|
2068
2063
|
});
|
|
@@ -2117,29 +2112,28 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2117
2112
|
});
|
|
2118
2113
|
});
|
|
2119
2114
|
};
|
|
2120
|
-
|
|
2121
|
-
|
|
2122
|
-
|
|
2123
|
-
|
|
2124
|
-
|
|
2125
|
-
|
|
2126
|
-
|
|
2127
|
-
|
|
2128
|
-
|
|
2129
|
-
|
|
2130
|
-
|
|
2131
|
-
|
|
2132
|
-
|
|
2133
|
-
|
|
2134
|
-
|
|
2135
|
-
|
|
2136
|
-
|
|
2137
|
-
|
|
2138
|
-
|
|
2139
|
-
|
|
2140
|
-
|
|
2141
|
-
|
|
2142
|
-
};
|
|
2115
|
+
// private getObjectPermissionFilters(objectPermission, userSession, isEdit) {
|
|
2116
|
+
// const objectPermissionFilters = [];
|
|
2117
|
+
// let permissionFiltersKey = 'read_filters';
|
|
2118
|
+
// if (isEdit) {
|
|
2119
|
+
// permissionFiltersKey = 'edit_filters';
|
|
2120
|
+
// }
|
|
2121
|
+
// const globalData = Object.assign({}, userSession, { now: new Date() });
|
|
2122
|
+
// let permissionFilters = objectPermission[permissionFiltersKey];
|
|
2123
|
+
// _.each(permissionFilters, (permissionFilter) => {
|
|
2124
|
+
// if (_.isString(permissionFilter) && isExpression(permissionFilter.trim())) {
|
|
2125
|
+
// try {
|
|
2126
|
+
// const filters = parseSingleExpression(permissionFilter, {}, "#", globalData);
|
|
2127
|
+
// if (filters && !_.isString(filters)) {
|
|
2128
|
+
// objectPermissionFilters.push(`(${formatFiltersToODataQuery(filters, userSession)})`)
|
|
2129
|
+
// }
|
|
2130
|
+
// } catch (error) {
|
|
2131
|
+
// console.error(`getObjectPermissionFilters error`, permissionFilter, error.message);
|
|
2132
|
+
// }
|
|
2133
|
+
// }
|
|
2134
|
+
// })
|
|
2135
|
+
// return objectPermissionFilters;
|
|
2136
|
+
// }
|
|
2143
2137
|
/**
|
|
2144
2138
|
* 把query.filters用formatFiltersToODataQuery转为odata query
|
|
2145
2139
|
* 主要是为了把userSession中的utcOffset逻辑传入formatFiltersToODataQuery函数处理
|
|
@@ -2160,82 +2154,95 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2160
2154
|
};
|
|
2161
2155
|
SteedosObjectType.prototype.dealWithMethodPermission = function (method, args) {
|
|
2162
2156
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
2163
|
-
var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter,
|
|
2157
|
+
var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, shareRuleFilters, restrictionRuleFilters, clientFilter, filters, permissionFilters, userFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters, queryFilters, companyFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters;
|
|
2164
2158
|
return tslib_1.__generator(this, function (_a) {
|
|
2165
2159
|
switch (_a.label) {
|
|
2166
2160
|
case 0:
|
|
2167
2161
|
userSession = args[args.length - 1];
|
|
2168
|
-
if (!userSession) return [3 /*break*/,
|
|
2162
|
+
if (!userSession) return [3 /*break*/, 5];
|
|
2169
2163
|
spaceId = userSession.spaceId;
|
|
2170
2164
|
userId = userSession.userId;
|
|
2171
2165
|
return [4 /*yield*/, this.getUserObjectPermission(userSession)];
|
|
2172
2166
|
case 1:
|
|
2173
2167
|
objPm = _a.sent();
|
|
2174
|
-
if (method === 'find' || method === 'count' || method === 'findOne' || method === 'aggregate' || method === 'aggregatePrefixalPipeline')
|
|
2175
|
-
|
|
2176
|
-
|
|
2177
|
-
|
|
2178
|
-
|
|
2179
|
-
|
|
2180
|
-
|
|
2181
|
-
|
|
2182
|
-
|
|
2183
|
-
|
|
2184
|
-
|
|
2185
|
-
|
|
2186
|
-
|
|
2187
|
-
|
|
2188
|
-
|
|
2189
|
-
|
|
2190
|
-
|
|
2191
|
-
|
|
2192
|
-
|
|
2193
|
-
|
|
2194
|
-
|
|
2195
|
-
|
|
2196
|
-
}
|
|
2197
|
-
companyFilter = _.map(userSession.companies, function (comp) {
|
|
2198
|
-
return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
|
|
2199
|
-
});
|
|
2200
|
-
}
|
|
2201
|
-
if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
|
|
2202
|
-
ownerFilter = "(owner eq '" + userId + "')";
|
|
2203
|
-
}
|
|
2204
|
-
objectPermissionFilters = this.getObjectPermissionFilters(objPm, userSession, false);
|
|
2205
|
-
if (!_.isEmpty(objectPermissionFilters)) {
|
|
2206
|
-
permissionFilters.push("(" + objectPermissionFilters.join(' or ') + ")");
|
|
2207
|
-
}
|
|
2208
|
-
sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
|
|
2209
|
-
if (!_.isEmpty(companyFilter)) {
|
|
2210
|
-
permissionFilters.push("(" + companyFilter.join(' or ') + ")");
|
|
2211
|
-
}
|
|
2212
|
-
if (ownerFilter) {
|
|
2213
|
-
permissionFilters.push(ownerFilter);
|
|
2214
|
-
}
|
|
2215
|
-
if (!_.isEmpty(sharesFilter)) {
|
|
2216
|
-
permissionFilters.push("(" + sharesFilter.join(' or ') + ")");
|
|
2217
|
-
}
|
|
2218
|
-
if (clientFilter) {
|
|
2219
|
-
userFilters.push(clientFilter);
|
|
2220
|
-
}
|
|
2221
|
-
if (spaceFilter) {
|
|
2222
|
-
userFilters.push(spaceFilter);
|
|
2223
|
-
}
|
|
2224
|
-
if (!userSession.is_space_admin && !_.isEmpty(permissionFilters)) {
|
|
2225
|
-
filters = permissionFilters.join(' or ');
|
|
2226
|
-
}
|
|
2227
|
-
if (!_.isEmpty(userFilters)) {
|
|
2228
|
-
filters = filters ? "(" + filters + ") and (" + userFilters.join(' and ') + ")" : userFilters.join(' and ');
|
|
2168
|
+
if (!(method === 'find' || method === 'count' || method === 'findOne' || method === 'aggregate' || method === 'aggregatePrefixalPipeline')) return [3 /*break*/, 4];
|
|
2169
|
+
query = args[args.length - 2];
|
|
2170
|
+
if (method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
|
|
2171
|
+
query = args[args.length - 3];
|
|
2172
|
+
}
|
|
2173
|
+
if (query.filters && !_.isString(query.filters)) {
|
|
2174
|
+
query.filters = filters_1.formatFiltersToODataQuery(query.filters);
|
|
2175
|
+
}
|
|
2176
|
+
if (this.table_name == 'cfs.files.filerecord' || this.table_name == 'cfs.instances.filerecord') {
|
|
2177
|
+
return [2 /*return*/];
|
|
2178
|
+
}
|
|
2179
|
+
if (util_1.isCloudAdminSpace(spaceId)) {
|
|
2180
|
+
return [2 /*return*/];
|
|
2181
|
+
}
|
|
2182
|
+
spaceFilter = void 0, companyFilter = void 0, ownerFilter = void 0, sharesFilter = void 0, shareRuleFilters = void 0, restrictionRuleFilters = void 0, clientFilter = query.filters, filters = void 0, permissionFilters = [], userFilters = [];
|
|
2183
|
+
if (spaceId) {
|
|
2184
|
+
spaceFilter = "(space eq '" + spaceId + "')";
|
|
2185
|
+
}
|
|
2186
|
+
if (spaceId && !objPm.viewAllRecords && objPm.viewCompanyRecords) { // 公司级
|
|
2187
|
+
if (_.isEmpty(userSession.companies)) {
|
|
2188
|
+
console.log('objPm', objPm);
|
|
2189
|
+
throw new Error("user not belong any company!");
|
|
2229
2190
|
}
|
|
2230
|
-
|
|
2191
|
+
companyFilter = _.map(userSession.companies, function (comp) {
|
|
2192
|
+
return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
|
|
2193
|
+
});
|
|
2231
2194
|
}
|
|
2232
|
-
|
|
2195
|
+
if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
|
|
2196
|
+
ownerFilter = "(owner eq '" + userId + "')";
|
|
2197
|
+
}
|
|
2198
|
+
return [4 /*yield*/, shareRule_1.ShareRules.getUserObjectFilters(this.name, userSession)];
|
|
2199
|
+
case 2:
|
|
2200
|
+
shareRuleFilters = _a.sent();
|
|
2201
|
+
if (!_.isEmpty(shareRuleFilters)) {
|
|
2202
|
+
permissionFilters.push("(" + shareRuleFilters.join(' or ') + ")");
|
|
2203
|
+
}
|
|
2204
|
+
return [4 /*yield*/, restrictionRule_1.RestrictionRule.getUserObjectFilters(this.name, userSession)];
|
|
2205
|
+
case 3:
|
|
2206
|
+
restrictionRuleFilters = _a.sent();
|
|
2207
|
+
if (!_.isEmpty(restrictionRuleFilters)) {
|
|
2208
|
+
userFilters.push("(" + restrictionRuleFilters.join(' or ') + ")");
|
|
2209
|
+
}
|
|
2210
|
+
// objectPermissionFilters = this.getObjectPermissionFilters(objPm, userSession, false);
|
|
2211
|
+
// if (!_.isEmpty(objectPermissionFilters)) {
|
|
2212
|
+
// permissionFilters.push(`(${objectPermissionFilters.join(' or ')})`);
|
|
2213
|
+
// }
|
|
2214
|
+
sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
|
|
2215
|
+
if (!_.isEmpty(companyFilter)) {
|
|
2216
|
+
permissionFilters.push("(" + companyFilter.join(' and ') + ")");
|
|
2217
|
+
}
|
|
2218
|
+
if (ownerFilter) {
|
|
2219
|
+
permissionFilters.push(ownerFilter);
|
|
2220
|
+
}
|
|
2221
|
+
if (!_.isEmpty(sharesFilter)) {
|
|
2222
|
+
permissionFilters.push("(" + sharesFilter.join(' or ') + ")");
|
|
2223
|
+
}
|
|
2224
|
+
if (clientFilter) {
|
|
2225
|
+
userFilters.push(clientFilter);
|
|
2226
|
+
}
|
|
2227
|
+
if (spaceFilter) {
|
|
2228
|
+
userFilters.push(spaceFilter);
|
|
2229
|
+
}
|
|
2230
|
+
if (!userSession.is_space_admin && !_.isEmpty(permissionFilters)) {
|
|
2231
|
+
filters = permissionFilters.join(' or ');
|
|
2232
|
+
}
|
|
2233
|
+
if (!_.isEmpty(userFilters)) {
|
|
2234
|
+
filters = filters ? "(" + filters + ") and (" + userFilters.join(' and ') + ")" : userFilters.join(' and ');
|
|
2235
|
+
}
|
|
2236
|
+
query.filters = filters;
|
|
2237
|
+
return [3 /*break*/, 5];
|
|
2238
|
+
case 4:
|
|
2239
|
+
if (method === 'insert') {
|
|
2233
2240
|
if (!objPm.allowCreate) {
|
|
2234
2241
|
throw new Error("no " + method + " permission!");
|
|
2235
2242
|
}
|
|
2236
2243
|
}
|
|
2237
2244
|
else if (method === 'update' || method === 'updateOne') {
|
|
2238
|
-
permissionFilters =
|
|
2245
|
+
permissionFilters = null;
|
|
2239
2246
|
if (!objPm.allowEdit && _.isEmpty(permissionFilters)) {
|
|
2240
2247
|
throw new Error("no " + method + " permission!");
|
|
2241
2248
|
}
|
|
@@ -2303,7 +2310,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2303
2310
|
}
|
|
2304
2311
|
}
|
|
2305
2312
|
else if (method === 'delete') {
|
|
2306
|
-
permissionFilters =
|
|
2313
|
+
permissionFilters = null;
|
|
2307
2314
|
if (!objPm.allowDelete && _.isEmpty(permissionFilters)) {
|
|
2308
2315
|
throw new Error("no " + method + " permission!");
|
|
2309
2316
|
}
|
|
@@ -2336,8 +2343,8 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2336
2343
|
}
|
|
2337
2344
|
args[args.length - 2] = id;
|
|
2338
2345
|
}
|
|
2339
|
-
_a.label =
|
|
2340
|
-
case
|
|
2346
|
+
_a.label = 5;
|
|
2347
|
+
case 5: return [2 /*return*/];
|
|
2341
2348
|
}
|
|
2342
2349
|
});
|
|
2343
2350
|
});
|